Questions to Ask During Your Next Antivirus PoC

It’s expected that, when you purchase new hardware, the machine will come with antivirus software already installed. But this “complimentary” inclusion has the tendency to lull some end users into a false sense of security, leading them to believe that they don’t need to implement additional protection.

During your next endpoint security PoC, compare your current best practices and technologies against the following questions to diagnose potential security gaps and determine your current level of protection.

1. How do you manage security alerts?

Technology is only as strong as its implementation and optimization.

Often the answer is “we have a small team” (typically one full-time person), or “we use Splunk.” If you don’t have an adequate security team to monitor alerts, this becomes a major gap in protection. For example, what happens if an alert comes in overnight while your team is off the clock?

Using a product or managed service provider that triages your security alerts and can take the appropriate steps to contain attacks addresses this and other risks, ensuring your network is more secure.

2. Do you protect devices at the network level?

The old days of your computer getting just a virus are gone. Today, multi-vector attacks (using malware to target vulnerabilities in your software or exploit the human factor of your personnel) have become the new norm, and antivirus software alone isn’t enough to defend your networks. The problem is much broader now than mere viruses.

This is why it is important to take stock of what other types of protection you have for all your devices.

An email scanning gateway is essential for detecting threats like spam or malware that might arrive through your email. While your computer might have defenses for attacks like these, you need to think beyond just your laptop or desktop. Are your mobile devices protected from external threats? What about your other network devices?

3. How do you gain coverage against multi-vector attacks?

Because different agents focus on different types of attack vectors, using multiple agents on a single machine can help you get comprehensive protection.

Different vendors tend to focus on different aspects of endpoint security (malware, bots, ransomware, etc.) and each of them finds and mitigates new threats daily. Consider what other products are on the market that would complement the antivirus software that you are already using. That way, you benefit from added protection without losing or negatively affecting the software that you already use for antivirus.

4. What makes the performance hit of multiple agents worthwhile?

When you use multiple agents on a single machine, your performance will decline to a certain extent. Though productivity may be a primary concern, security should not be overlooked as a result. Leveraging multiple agents is the only way to get comprehensive protection, so you must find the right balance between security and performance levels.

During a PoC, we recommend running several combinations of agents on your devices to see how they perform alongside your current applications and business intelligence systems. From there, you can determine which agent is worth the performance hit for the security it provides.

5. How quickly can you respond to a threat?

When it comes to protecting your data, you need to react quickly to avoid significant damage to your networks. To combat today’s fast-moving threats, your software needs to be able to respond in under 10 seconds. (You read that correctly, unfortunately.)

Your endpoint protection (EPP) software doesn’t work on its own; you also need endpoint detection and response (EDR) tools that alert you the moment an attack occurs. Any delay beyond that opens your organization up to serious security ramifications.

For instance, according to the latest Mandiant report, one organization found that an outsider had been in its systems for more than 70 days before someone noticed. Considering hackers can easily exfiltrate massive amounts of your data in a matter of hours, giving a hacker days or weeks would be devastating to your brand.

Generic Antivirus Doesn’t Prevent Multi-Vector Threats

With new multi-vector attacks cropping up each day, it’s more critical than ever that you protect your environments from all angles. Make sure that your next PoC results in an endpoint security solution tailored to your specific needs.

Need to close the gaps in your traditional “antivirus” security?

ADAPTURE helps you implement the right tools and processes. Contact us now for an endpoint security consultation.